The Application And Research In Grid Security Of The RBAC Model Based On The User Delegation

Grid is a kind of new technology, which is the commonly shared resource based on Internet in each aspect. It is a integrated computation and resource environment or called as computation resource pool in which various computer resources can be fully absorbed and transformed into kinds of reliable, standard and economic computation ability that can be obtained everywhere. Grid has been called Internet of next generation.Grid security is the key problem in grid computation environment. Grid is established in different environment on Internet. Internet is an open and versatile public network, which is faced with various security threats, for example, illegal invasions. and grid has its own characteristics different from others. For example, the users and the resources in Grid computation environment are not only numerous but also dynamic and changeable. All of these have put forward different and higher requirements for the security of grid environment. For instance, the users ask to access resources across virtual organization and single sign-on. But the existing network security technology can not be very good to satisfy these requirements.GSI is the current real standard grid security that provide effective security service for grid computing environment. But GSI has several shortages. This paper is to study and analyze deeply the existing grid security infrastructure — the Globus GSI. In this paper a kind of RBAC model based on user delegation into the security certification of grid has been put forward to realize user access to the resource via VO and the mechanism of user single sign-on. In this model, firstly users carry out local login using agency certificate, then, they can access resources of other VO with the authorized delegation if it is necessary. And the policy of accessing the resource should be in accordance with the local policy. This model has stressed the flexibility of RBAC in big user quantity system, and also satisfied the requirement of user single sign-on in grid system. At the same time,it has guaranteed the basic condition that the overall policies are not conflicting with the local ones.Finally, I deployed the experimental environment using the grid develop kits—GT3 in laboratory. At the present time, grid technology is still in the developing stage, various technologies and standards in the course need unceasing improve too.In the end, the analysis and expectation on the development of grid security technology is stated..